What to Do If You're the Victim of a Data Breach

Below:

Next story in Tech and gadgets

Has an online company with which you have an account been hacked?
Have you received an email informing you that your personal
information has been lost in a data breach?

If so, you're not alone. In the past year, LinkedIn, eHarmony,
Twitter and, most recently, LivingSocial have suffered data
breaches that together exposed more than 60 million accounts.
Other companies will be sure to follow.

If you're among the millions of consumers who may have been
exposed by a data
breach, here's what to do.

— Pin down exactly what kind of information was lost in the data
breach, and how it was protected.

Names and physical addresses are the least sensitive pieces of
information; email addresses and account passwords are more
sensitive; Social Security numbers and credit-card numbers are
the most sensitive (and the most valuable to identity thieves).

The company suffering the breach may tell you that even though
email passwords or credit-card numbers were lost, they were
encrypted and hence safe.

Don't take that assurance at face value. Hackers and
cybercriminals have a number of different ways to "crack" many
forms of encryption. If your password was less than eight
characters long or used words that can be found in the
dictionary, it's as good as cracked.

— Change the password on your account with the affected company
right away, if the company hasn't already done so for you.
If you use the same password for accounts with other companies,
change those as well.

While you're changing the password for other accounts, make up
and use a
new, strong password for each and every one. Don't reuse a
password for another account. That way, you'll be limiting the
damage next time there's a data breach, and you won't have to go
through this process again.

— Contact your bank and your credit-card issuers, explain that
your accounts are at risk of fraud and ask them to alert you
immediately if they detect suspicious activity on your
accounts.

Professional credit-card thieves will try to "bust out"
stolen card numbers with many purchases in a matter of hours,
often on weekends when banks are not fully staffed.

— Ask your country's major consumer credit-reporting bureaus to
place a fraud alert on your name. This way, if anyone tries to
steal your financial identity — for example, by trying to open a
credit-card account in your name — you'll know.

Residents of the United States, Canada and Mexico should contact
the credit bureaus Equifax and TransUnion; U.S. or Mexican
residents should also contact Experian, which no longer operates
in Canada.

British residents should contact Callcredit, Equifax or Experian;
residents of Australia and New Zealand should contact Veda or
Experian; residents of Ireland should contact the Irish Credit
Bureau or Experian.

— Look into credit-protection services that will flag
suspicious activity on your accounts. BillGuard, for example,
will monitor up to three credit cards for free; more expensive
"identity protection" services will monitor your accounts with
the credit bureaus.

— Losing your
personally identifiable information in a data breach doesn't
guarantee you'll become a victim of identity theft. But if that
does indeed happen, make sure to tell the credit-reporting
bureaus right away.

If you detect credit- or debit-card fraud, contact the card
issuer immediately. Doing so may limit your liability.

If you're a U.S. resident, you should also contact the Federal Trade Commission to create an
identity-theft affidavit, and then file a report with your
local police force. Doing both will greatly aid you in
clearing your name (which, in the worst cases, can take
years). Make sure you document each phone call made, and
each email message and letter sent, during your efforts.